AT&T privacy breach costed it $25 million

On Wednesday, AT&T has agreed to pay $25 million to settle an investigation into data breaches at its call centers in Mexico, Colombia and the Philippines that leaked personal information of about 280,000 U.S customers federal regulators. The breach included some serious data like subscriber’s social security number.

The employees were paid to give away the confidential information of its subscribers so that resellers can unlock used phones. The Federal Communications Commission said, a mysterious man in Mexico known as El Pelon, who seems to have using the data to unlock stolen cell phones, has paid the staff. The call centers were operated by the third parties that handled calls from U.S customers. The breach has started two years back and continued until last year.

In late 2013, AT&T made changes to how phones could be unlocked, needing that some information to be fed into AT&T’s website, including the former owner’s email, the last four digits of his or her Social Security number and more. This made it more complex to unlock the used smartphones, putting a damper on the market.

The revelation opened eyes for many and brought some light on the dark market for the used smartphones, which has opened up in recent years as customers look for means to keep up with the fast pace of upgrades from companies like Apple Inc and Samsung Electronics Co. Major carriers and number of specialists in the market provide phone trade-in programs.

The dark market was stirred in late 2013 when AT&T cracked down on large-scale unlocking and required current and former customers to enter their personal details into their website to unlock the phone. The change caused the price of the used AT&T iPhone to fall, as the middleman were short of codes to unlock them.

It is suggested that at least two employees at Mexican call center were paid to breach the policy and get access of 68,000 accounts without the customers’ knowledge. The information was then used to unlock the phones. Another 211,000 customer accounts were accessed by about 40 workers in Colombia and the Philippines, the FCC said.

AT&T spokesperson Fletcher Cook stated the company is working to end its contracts with the call-center sites involved. He added, “we have changed our policies and strengthened our operations. Also, we have or are reaching out to affected customers to provide additional information.”

FCC said that some unlocked phone could have been stolen. Getting reliable information and figures on smart phone theft are sparse. A survey by Consumer Report in 2014 estimated thieves stole 3.1 million smart phones in the U.S in 2013 which is lot more than 2013. The breach has gone undetected for many months said the commission. The probe was started in May last year.

The settlement from the company requires it to offer affected customers with free credit-monitoring services and appoint an overseer to protects its data in future.